[twitter-dev] Re: Trying to do a GET after autenticating via OAuth
I'm using an OAuth library I've developed in PHP. Do I need to pass all the parameters through the query also? On Jul 21, 9:25 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi there, If you've gotten to the point of retrieving an access token, it's likely you managed to get the composite signing key right (or your library handled it for you) -- as when you're exchanging the request token for an access token, you use the oauth_token_secret from the request token as part of the signing key. Are you using an OAuth library? When you're making a resource request such as one to verify_credentials, you'll use the oauth_token_secret you received in the access token step as part of the signing key: $consumer_secret + + $oauth_token_secret Taylor On Wed, Jul 21, 2010 at 12:13 PM, clinisbut clinis...@gmail.com wrote: Hello everybody. I just achieved to autenticate via OAuth, and I'm trying to get user's data through account/verify_credentials but I think I'm not building correctly the composite signing key or something, mainly because I'm not able to fully understand all the different tokens I receive from Twitter. After I got my access token, I got: An oauth_token in the form of: /¿User-ID?/-/letters+numbers/ An oauth_token_secret Which one I should use to built the composite key? Inhttp://dev.twitter.com/pages/auth they use the first oauth_token getted in the request token, and in the Resource request example they use the oauth_token_secret. These is the headers I sent: OAuth oauth_consumer_key=XX, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1279738886, oauth_nonce=a97ff8b71a313a03a650068e1e6b9bd8f31ad04f, oauth_version=1.0, oauth_token=- X, oauth_signature=0OFTpLp8o %2BL9%2B6o8mkRdBSS8I84%3D and then I do a GET request to:http://api.twitter.com/1/account/verify_credentials.json But all I got is: 401 Unauthorized Failed to validate oauth signature and token
[twitter-dev] Re: Trying to do a GET after autenticating via OAuth
Ok, I just discovered http://dev.twitter.com/console, I'm matching the composite signing key created by this console and mine and don't match (obviously I'm using the same visible parameter values (timestamp, nonce, oauth_token and consumer key) and my composite signing it's not hte same... On Jul 21, 10:03 pm, clinisbut clinis...@gmail.com wrote: I'm using an OAuth library I've developed in PHP. Do I need to pass all the parameters through the query also? On Jul 21, 9:25 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi there, If you've gotten to the point of retrieving an access token, it's likely you managed to get the composite signing key right (or your library handled it for you) -- as when you're exchanging the request token for an access token, you use the oauth_token_secret from the request token as part of the signing key. Are you using an OAuth library? When you're making a resource request such as one to verify_credentials, you'll use the oauth_token_secret you received in the access token step as part of the signing key: $consumer_secret + + $oauth_token_secret Taylor On Wed, Jul 21, 2010 at 12:13 PM, clinisbut clinis...@gmail.com wrote: Hello everybody. I just achieved to autenticate via OAuth, and I'm trying to get user's data through account/verify_credentials but I think I'm not building correctly the composite signing key or something, mainly because I'm not able to fully understand all the different tokens I receive from Twitter. After I got my access token, I got: An oauth_token in the form of: /¿User-ID?/-/letters+numbers/ An oauth_token_secret Which one I should use to built the composite key? Inhttp://dev.twitter.com/pages/auth they use the first oauth_token getted in the request token, and in the Resource request example they use the oauth_token_secret. These is the headers I sent: OAuth oauth_consumer_key=XX, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1279738886, oauth_nonce=a97ff8b71a313a03a650068e1e6b9bd8f31ad04f, oauth_version=1.0, oauth_token=- X, oauth_signature=0OFTpLp8o %2BL9%2B6o8mkRdBSS8I84%3D and then I do a GET request to:http://api.twitter.com/1/account/verify_credentials.json But all I got is: 401 Unauthorized Failed to validate oauth signature and token
Re: [twitter-dev] Re: Trying to do a GET after autenticating via OAuth
Hi, Know it sounds strange, but I'd stay away from the dev.twitter.com console when trying to debug an issue like this. Even if it weren't buggy, the execution path it uses to perform OAuth operations is a bit different than what you typically would do in your own implementation. Are you married to the idea of using a homebrew OAuth library? Not to dissuade you too much, but there are a number of good libraries in PHP out there both for Twitter and OAuth -- at the very least, I would recommend using one of these as a reference for your own implementation. OAuth is difficult for many even when using well-written libraries.. (See http://dev.twitter.com/pages/oauth_libraries#php and http://dev.twitter.com/pages/libraries#php ) If you are set on writing your own library, I recommend using HTTP header based OAuth (as opposed to attaching OAuth parameters to the query string) -- it keeps your concerns separate, making it much easier to debug when things go wrong. Taylor On Wed, Jul 21, 2010 at 1:39 PM, clinisbut clinis...@gmail.com wrote: Ok, I just discovered http://dev.twitter.com/console, I'm matching the composite signing key created by this console and mine and don't match (obviously I'm using the same visible parameter values (timestamp, nonce, oauth_token and consumer key) and my composite signing it's not hte same... On Jul 21, 10:03 pm, clinisbut clinis...@gmail.com wrote: I'm using an OAuth library I've developed in PHP. Do I need to pass all the parameters through the query also? On Jul 21, 9:25 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi there, If you've gotten to the point of retrieving an access token, it's likely you managed to get the composite signing key right (or your library handled it for you) -- as when you're exchanging the request token for an access token, you use the oauth_token_secret from the request token as part of the signing key. Are you using an OAuth library? When you're making a resource request such as one to verify_credentials, you'll use the oauth_token_secret you received in the access token step as part of the signing key: $consumer_secret + + $oauth_token_secret Taylor On Wed, Jul 21, 2010 at 12:13 PM, clinisbut clinis...@gmail.com wrote: Hello everybody. I just achieved to autenticate via OAuth, and I'm trying to get user's data through account/verify_credentials but I think I'm not building correctly the composite signing key or something, mainly because I'm not able to fully understand all the different tokens I receive from Twitter. After I got my access token, I got: An oauth_token in the form of: /¿User-ID?/-/letters+numbers/ An oauth_token_secret Which one I should use to built the composite key? Inhttp://dev.twitter.com/pages/auth they use the first oauth_token getted in the request token, and in the Resource request example they use the oauth_token_secret. These is the headers I sent: OAuth oauth_consumer_key=XX, oauth_signature_method=HMAC-SHA1, oauth_timestamp=1279738886, oauth_nonce=a97ff8b71a313a03a650068e1e6b9bd8f31ad04f, oauth_version=1.0, oauth_token=- X, oauth_signature=0OFTpLp8o %2BL9%2B6o8mkRdBSS8I84%3D and then I do a GET request to:http://api.twitter.com/1/account/verify_credentials.json But all I got is: 401 Unauthorized Failed to validate oauth signature and token
